Remote Code Execution Vulnerability in CoreWCF by CoreWCF
CVE-2026-54772
7.5HIGH
What is CVE-2026-54772?
An unauthenticated remote attacker can exploit the handling of premature End-of-File (EOF) in CoreWCF's NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoints. This vulnerability can pin a server thread-pool worker at full CPU utilization for every connection made, potentially leading to denial-of-service conditions. The issue has been addressed in versions 1.8.1 and 1.9.1, which mitigate this risk.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
